Guide to intrusion detection and prevention

SearchSecurity.com & SearchNetworking.com

This guide was created in partnership between:

It's no secret that a layered security structure is the key to protecting networks from pernicious intrusions. One of the major components in that structure is having solid intrusion detection and prevention. Created in partnership with our sister site, SearchSecurity.com, this guide is a compilation of resources that explain what intrusion detection and prevention are, how they work, troubleshooting, configurations and more. Send us an e-mail to let us know what other guides you would like to see on SearchNetworking.com.

Requires Free Membership to View

By submitting your registration information to SearchNetworking.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchNetworking.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

TABLE OF CONTENTS

   Introduction to Intrusion Detection and Prevention
   IDS/IPS Architecture
   Wireless Intrusion Detection
   IDS/IPS Implementation and Placement
   Troubleshooting and False Positives
   Snort and Other Sniffers
   Product Reviews and Buying Advice
   The Future of Intrusion Detection and Prevention
   More Learning Resources

Introduction to Intrusion Detection and Prevention

Return to Table of Contents

Glossary Definition: Intrusion detection (SearchNetworking.com)
Glossary Definition: Intrusion prevention (SearchNetworking.com)
Tip: Intrusion detection basics (SearchSecurity.com)
Tip: Common security measures (SearchNetworking.com)
Quiz: Intrusion detection and prevention systems (SearchSecurity.com)
Quiz: Intrusion-prevention systems (SearchSecurity.com)
Advice: The ABCs of intrusion detection (SearchSecurity.com)
Advice: How do intrusion detection systems work? (SearchNetworking.com)
Advice: What are the algorithms and encryption methods used in intrusion prevention systems? (SearchNetworking.com)
Book Chapter: The Tao of Network Security Monitoring, Beyond Intrusion Detection, Chapter 11 (SearchNetworking.com)
Featured Topic: IDS best practices (SearchSecurity.com)
Tutorial: A walk-through of an attack (SearchNetworking.com)
Webcast: Five steps to IDS success (SearchSecurity.com)

IDS/IPS Architecture

Return to Table of Contents

Article: Hybrid honeypots 'shadow' intrusion prevention systems (SearchSecurity.com)
Article: Signature-based threats: Moving beyond 'picking off penguins' (SearchSecurity.com)
Column: The preconditions for next-generation security (SearchNetworking.com)
Tip: IDS: Signature versus anomaly detection (SearchSecurity.com)
Tip: Briddging the gap between perimeter and host security (SearchSecurity.com)
Tip: Battling worms with network-based IPS (SearchSecurity.com)

Wireless Intrusion Detection

Return to Table of Contents

Tip: Beyond wireless intrusion detection (SearchNetworking.com)
Tip: Wireless LAN intrusion detection (SearchSecurity.com)
Tip: Managing Wi-Fi stations (SearchNetworking.com)
Tip: Why distributed wireless IDS is needed (SearchSecurity.com)
Tip: Signs of WLAN intrusion (SearchNetworking.com)
Q&A: Wireless IDS, a crucial part of your security strategy (SearchSecurity.com)
Review: AirMagnet Enterprise 5.0 steps up wireless IDS (SearchSecurity.com)

IDS/IPS Implementation and Placement

Return to Table of Contents

Article: The evolving art of networking self-defense (SearchNetworking.com)
Q&A: Tips for maximizing the effectiveness of IDS/IPS (SearchSecurity.com)
Tip: Maximizing IDS/IPS implementations (SearchSecurity.com)
Tip: Evaluating and tuning an intrusion detection system (SearchSecurity.com)
Tip: Where to place IDS sensors (SearchSecurity.com)
Tip: Troubleshooting firewalls (SearchNetworking.com)
Advice: Implementing IDS in small- to medium-sized businesses (SearchSecurity.com)
Advice: Firewall placement (SearchNetworking.com)
Webcast: Secrets to using IDS and IPS effectively (SearchSecurity.com)

Troubleshooting and False Positives

Return to Table of Contents

Glossary Definition: False positive (SearchNetworking.com)
Article: New semantics-aware IDS reduces false positives (SearchSecurity.com)
Q&A: Tips for maximizing the effectiveness of IDS/IPS (SearchSecurity.com)
Tip: How to limit false positives in IPSes (SearchSecurity.com)
Tip: Generic exploit blocking: A defense against malicious possibilities (SearchNetworking.com)
Tip: Target-based IDS muffles the noise to take aim on the alerts that count (SearchSecurity.com)
Tutorial: A walk-through of an attack (SearchNetworking.com)
Tutorial: Guide to penetration testing (SearchNetworking.com)

Snort and Other Sniffers

Return to Table of Contents

Glossary Definition: Snort (SearchSecurity.com)
Glossary Definition: Sniffer (SearchNetworking.com)
Article: Sniffer spinoff: Sign of weakness or opportunity? (SearchNetworking.com)
Article: Sourcefire offers Snort certification and online training (SearchSecurity.com)
Article: Sniffer update has a nose for data capture (SearchNetworking.com)
Advice: What is a sniffer? (SearchNetworking.com)
Advice: What's the difference between packet "sniffers" and protocol analyzers? (SearchNetworking.com)
Tip: How to determine how many interfaces a sensor needs (SearchSecurity.com)
Tip: What OS to use for Snort sensors (SearchSecurity.com)
Tip: How to deal with switches and segments (SearchSecurity.com)
Tip: Why Snort makes IDS worth the time and effort (SearchSecurity.com)
Tip: How to verify that Snort is operating (SearchSecurity.com)
Tip: How to automatically update Snort rules (SearchSecurity.com)
Tip: Where to find Snort rules (SearchSecurity.com)
Tip: How to decipher the Oinkcode (SearchSecurity.com)

Product Reviews and Buying Advice

Return to Table of Contents

Review: Enterasys's Dynamic Intrusion Response is a 'hot' IPS (SearchSecurity.com)
Review: Tripwire Enterprise provides robust, intrusion reporting (SearchSecurity.com)
Review: AirMagnet Enterprise 5.0 steps up wireless IDS (SearchSecurity.com)
Review: Products of the Year: Intrusion detection systems (SearchSecurity.com)
Review: Products of the Year: Intrusion prevention systems (SearchSecurity.com)
Review: Sentivist IPS (SearchSecurity.com)
Article: Open-source IPS testing tool released (SearchSecurity.com)
Advice: Choosing the 'hottest' IPS on the market (SearchSecurity.com)

The Future of Intrusion Detection and Prevention

Return to Table of Contents

Article: New Cisco security strategy targets elusive threats (SearchNetworking.com)
Article: A human connection to intrusion detection (SearchSecurity.com)
Column: Linking security to the enterprise mission (SearchNetworking.com)
Column: The 10 traits of effective security (SearchNetworking.com)
Tip: Next-generation intrusion prevention: Defense before, during and after the attack (SearchSecurity.com)
Tip: The future of network security: Intelligence behind IPS (SearchNetworking.com)
Book Chapter: The future of intrusion detection and prevention (SearchSecurity.com)
Presentation: Advanced intrustion defense (SearchSecurity.com)
Featured Topic: Intrusion defense (SearchSecurity.com)

More Learning Resources

Return to Table of Contents

Firewall Resource Guide
Guide to network performance management
Guide to network administration
Snort Technical Guide
Learning Guide: Understanding Your Authentication Options
Dig Deeper
- People who read this also read...
  
  Identity management compliance: How IAM systems support compliance
  
  What is Kilo, mega, giga, tera, peta, and all that? - Definition from Whatis.com
  
  What is SAP? - Definition from WhatIs.com
  
  What is TCP/IP (Transmission Control Protocol/Internet Protocol)? - Definition from WhatIs.com
  
  What is cloud computing? - Definition from Whatis.com
- Related glossary terms
  
  Terms for Whatis.com - the technology online dictionary
  
  National eGovernance Service Delivery Gateway (NSDG)
  
  firewall
  
  MIEL e-Security
  
  dynamic packet filter
  
  stateful inspection
  
  HELLO packet
  
  anti-replay protocol
  
  rule base
  
  Metasploit Project - Metasploit Framework
  
  packet filtering
Show me more
This was first published in December 2005

Join the conversationComment

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Latest Headlines

Topics

Hot Topics

Guides

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Blogs

Guide to intrusion detection and prevention

Requires Free Membership to View

Dig Deeper

People who read this also read...

Related glossary terms

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

You May Also Be Interested In...

More Background

More Details

More from Related TechTarget Sites